[jboss-cvs] JBossAS SVN: r58048 - branches/JEE5_TCK/tomcat/src/main/org/jboss/web/tomcat/security/authorization/delegates

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Thu Nov 2 23:56:59 EST 2006


Author: anil.saldhana at jboss.com
Date: 2006-11-02 23:56:58 -0500 (Thu, 02 Nov 2006)
New Revision: 58048

Modified:
   branches/JEE5_TCK/tomcat/src/main/org/jboss/web/tomcat/security/authorization/delegates/WebJACCPolicyModuleDelegate.java
Log:
SECURITY-13: use the security context roles that would have gone through the role mapping framework

Modified: branches/JEE5_TCK/tomcat/src/main/org/jboss/web/tomcat/security/authorization/delegates/WebJACCPolicyModuleDelegate.java
===================================================================
--- branches/JEE5_TCK/tomcat/src/main/org/jboss/web/tomcat/security/authorization/delegates/WebJACCPolicyModuleDelegate.java	2006-11-03 04:55:35 UTC (rev 58047)
+++ branches/JEE5_TCK/tomcat/src/main/org/jboss/web/tomcat/security/authorization/delegates/WebJACCPolicyModuleDelegate.java	2006-11-03 04:56:58 UTC (rev 58048)
@@ -41,6 +41,7 @@
 import org.apache.catalina.connector.Response;
 import org.apache.catalina.deploy.SecurityConstraint;
 import org.jboss.logging.Logger;
+import org.jboss.security.AuthorizationManager;
 import org.jboss.security.authorization.AuthorizationContext;
 import org.jboss.security.authorization.PolicyRegistration;
 import org.jboss.security.authorization.Resource;
@@ -61,6 +62,7 @@
 public class WebJACCPolicyModuleDelegate extends AuthorizationModuleDelegate
 {   
    private Policy policy = Policy.getPolicy();
+   private AuthorizationManager authorizationManager;
 
    public WebJACCPolicyModuleDelegate()
    {  
@@ -80,6 +82,11 @@
 
       if(map.size() == 0)
          throw new IllegalStateException("Map from the Resource is size zero");
+      //Get the Authorization Manager
+      authorizationManager = (AuthorizationManager)map.get(ResourceKeys.AUTHORIZATION_MANAGER);
+      if(authorizationManager == null)
+         throw new IllegalStateException("Authorization Manager is null");
+      
       //Get the Catalina Request Object
       Request request = (Request)map.get(ResourceKeys.WEB_REQUEST);
       Response response = (Response)map.get(ResourceKeys.WEB_RESPONSE);
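Review bot: The authorization manager read from the per-request resource map is stored in the instance field `authorizationManager` (declared in the class-level hunk above). If one delegate instance ever serves concurrent requests, a role lookup for one request could run against a manager installed by another. Whether instances are shared is not visible in this diff; if they can be, keep it local, `AuthorizationManager am = (AuthorizationManager) map.get(ResourceKeys.AUTHORIZATION_MANAGER);`, and pass `am` down to the permission check. The cast is also unchecked, so a wrong-typed map entry surfaces as a ClassCastException rather than the IllegalStateException thrown just below. The enclosing method begins and ends outside this hunk.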
@@ -163,6 +170,7 @@
    {  
       // Get the caller principals, its null if there is no caller
       Principal[] principals = null;
+      /*
       if( caller != null )
       {
          if( trace )
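Review bot: The subject-based principal lookup is disabled by wrapping it in `/* ... */` (closed in the next hunk) instead of being deleted, which leaves dead authorization logic in a security decision path. A later reader cannot tell whether the block is meant to return, and `caller` appears to be unused after this change. I would delete the block and put a short comment in its place, for example `// Roles come from AuthorizationManager.getUserRoles(); the caller Subject is no longer consulted (SECURITY-13)`. The method signature lies outside the hunk, so whether `caller` can be dropped from it needs checking against the callers.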
@@ -170,7 +178,17 @@
          Set principalsSet = caller.getPrincipals();
          principals = new Principal[principalsSet.size()];
          principalsSet.toArray(principals);
+      }*/
+      
+      //Previously we relied on principals in the subject. Now we use
+      //the security context roles
+      if(authorizationManager != null)
+      { 
+         Set<Principal> roleset = authorizationManager.getUserRoles(requestPrincpal);
+         principals = new Principal[roleset.size()];
+         roleset.toArray(principals); 
       }
+      
       return checkSecurityAssociation(perm, principals);
    }
    
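Review bot: The set returned by `authorizationManager.getUserRoles(requestPrincpal)` is dereferenced without a null check. If the manager can return null for an unauthenticated or unmapped principal (not visible here), `roleset.size()` throws a NullPointerException instead of producing a deny decision. A guard such as `if (roleset != null) principals = roleset.toArray(new Principal[0]);` keeps `principals` null in that case. Separately, when `authorizationManager` is null the code now calls `checkSecurityAssociation(perm, null)` without any log line, where the old code supplied the subject's principals. It would help to document whether a null manager should deny access or be treated as an error. The method starts outside this hunk, so the declaration of `requestPrincpal` (spelling as in the source) is not shown.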
@@ -235,7 +253,7 @@
    }
 
    /**
-    * Perform hasRole check
+    * Perform hasRole check 
     * @param principal
     * @param role
     * @param roles



